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ENCRYPTION AND DECRYPTION KEY ARRANGEMENTS 

The present invention relates to apparatus arranged to 
encrypt messages or decrypt messages, particularly to 
communications apparatus arranged to encrypt messages prior to 
transmission and decrypt received messages. 
5 It is known to provide communications apparatus (for 

example facsimile machines) with the ability to encrypt 
messages prior to transmission and decrypt received messages. 
However, each such apparatus operates with a cypher of a 
predetermined, fixed cryptographic strength: two apparatus can 

10 only communicate with each other if they both use cyphers of 
the same strength. There are many circumstances in which this 
limits the ability for communications to be established. 

We have now devised an arrangement in which the cypher 
can be varied in strength, so that when any two apparatus wish 

15 to communicate with each other, a common cypher strength can 
be selected. 

Thus, in accordance with the present invention, there 
is provided an apparatus which is arranged to encrypt or 
decrypt messages, the apparatus being arranged to generate a 

20 session key of a variable selected number of characters and to 
distribute the characters of said session key in sequence into 
a predetermined number of groups to form a corresponding 
predetermined number of primitives, and further arranged to use 
said primitives, in accordance with a predetermined algorithm, 

25 to form a cypher key stream the characters of which are used 
in sequence to encrypt or decrypt successive characters (or 
other elements) of a message. 

In use of this apparatus, the length (i.e. the number 
of characters) of the session key can be selected: the longer 

30 the session key, the greater will be the strength of the 
cypher. 

Once the length of the session key to be used is 
decided upon, the session key is preferably randomly generated. 

Preferably the characters (typically numerical 
35 characters) of the session key are distributed into the 
predetermined number of groups in a manner forming a 



corresponding set of multi-digit numbers. For example, the 
first term allocated to each group may form the first digit of 
a multi-digit number, the second term allocated to that group 
forms the second digit of the multi-digit number, and so on. 
5 Preferably these multi-digit numbers are processed 

further in order to produce the corresponding set of 
primitives, used to form the cypher key stream. 

Preferably successive pairs of these multi-digit 
numbers are then subjected to an XOR (exclusive OR) process to 

10 form a corresponding set of results. 

Preferably predetermined values are then added to the 
respective results of the XOR process, to form a corresponding 
set of primitives. Preferably different values are added to 
the different results of the XOR process: preferably these 

15 different values are different multiples of a basic value. For 
example, 100 may be added to the first XOR result, 200 to the 
second, and so on. 

An embodiment of the present invention will now be 
described with reference to the accompanying drawings, in 

20 which: 

FIGURE 1 is a schematic block diagram showing part of 
the electronic system of communications apparatus in accordance 
with the present invention; and 

FIGURE 2 is a table showing the formation of six 
25 different groups of primitives from six session keys of 
different lengths . 

Referring to Figure 1, a communications apparatus (e.g. 
a facsimile machine) comprises means 10, in the form of a 
microprocessor, for encrypting a plain message M prior to 
30 transmission via a port 12. The microprocessor 10 is provided 
with a program memory 14 which stores an encryption algorithm 
and also an algorithm for forming a group of primitives from 
a session key. The microprocessor' is able to generate a 
session key on a random basis, of selected length. The 
35 microprocessor is also arranged to correspondingly decrypt 
messages received via the port 12. 

In effecting communication between two apparatus, these 
follow an initial protocol 'to determine the cryptographic 
strength to be employed: this determines the length of the 



session key to be used. Then the session key is randomly 
generated by the microprocessor 10 in one of the apparatus: 
Figure 2 shows six different examples, in which session keys 
of 56,48,40,32,18 and 12 decimal digits (186,159,133,106,60 and 
5 40 binary bits) are generated. 

Once the session key of selected length has been 
generated, the microprocessor distributes its digits, one- 
af ter-another, into 14 groups, in the same manner as dealing 
a pack of cards out to the players of a card game. Thus, 

10 referring to the first example in Figure 2, the first 14 digits 
(44490925319354) form the first digits of respective 4-digit 
numbers: continuing, the next 14 digits of the session key 
(89500321347811) form the second digits of the respective 4- 
digit numbers, the next 14 digits of the session key 

15 (67111248217917) form the third digits of the respective 4- 
digit numbers and the final 14 digits of the session key 
(36922366044359) form the fourth (and final) digits of the 
respective 4-digit numbers. In the first example in Figure 2, 
14 groups of 4-digit numbers are thus formed: however, in each 

20 of the other examples, the number of digits in the session key 
is not divisible by the number of groups (14) , so that 14 
numbers of differing numbers of digits are formed (in some 
cases, only a single digit) . 

In the next step, the microprocessor 10 combines 

25 successive pairs of the 14 numbers in an XOR (exclusive OR) 
procedure: in each of the examples shown in Figure 2, the 
second line gives the corresponding results. In particular, 
each number in the first line is combined with the XOR result 
of the proceeding number, in a process which involves an XOR 

30 function or their binary equivalents. 

In the next step (third line of each example shown in 
Figure 2) , the microprocessor 10 adds a multiple of 100 to each 
of the 14 results formed by the XOR procedure. Thus, to the 
first result, 100 is added: to the second result, 200 is 

35 added; to the third result, 300 is added, and so on up to the 
seventh result, to which 700 is added. Then, to the eighth 
result, 100 is added: to the ninth result, 200 is added, and 
so on up to the fourteenth result, to which 700 is added. The 
final results (last line in each of the 6 examples set out in 



4 

Figure 2) provide a set of 14 primitives. 

It will be appreciated that the second and third steps 
which have been described add complexity to the primitives 
finally produced. The third step in particular ensures that 
5 none of the primitives will be zero. 

The 14 primitives thus produced are used by the 
microprocessor, in accordance with the encryption algorithm, 
to form a cypher key stream comprising a long stream of digits. 
Then, in order to encrypt a plain message, the digits of this 

10 stream are taken one-after-another, and used in accordance with 
an encryption algorithm to encrypt respective, successive 
elements (e.g. characters or groups of characters) of the 
message to be transmitted. Similarly, in order to decrypt a 
received message, the digits of the cypher key stream are taken 

15 one-after-another and used, in accordance with a decryption 
algorithm (being the inverse of the encryption algorithm) to 
decrypt respective, successive elements of the received 
message . 



Claims 



An apparatus which is arranged to encrypt or decrypt 
messages, the apparatus being arranged to generate a session 
key of a variable selected number of characters and to 
distribute the characters of said session key in sequence into 
a predetermined number of groups to form a corresponding 
predetermined number of primitives, and further arranged to use 
said primitives, in accordance with a predetermined algorithm, 
to form a cypher key stream the characters of which are used 
in sequence to encrypt or decrypt successive characters (or 
other elements) of a message. 

2 ) An apparatus as claimed in claim 1, arranged to 
generate said session key in random manner. 

3 ) An apparatus as claimed in claim 1 or 2, arranged so 
that the characters of the session key are distributed into 
said predetermined number of groups in a manner forming a 
corresponding set of multi-digit numbers. 

4) An apparatus as claimed in claim 3, arranged to further 
process said multi-digit numbers to produce said primitives. 

5 ) An apparatus as claimed in claim 4, arranged to subject 
successive pairs of said multi-digit numbers to an exclusive 
OR process to form a corresponding set of results, and to 
process said results to produce said primitives. 

6 ) An apparatus as claimed in claim 5, arranged so to add 
predetermined values to the respective said results, to form 
said primitives. 

7 ) An apparatus as claimed in claim 6, arranged to add 
different said values to different said results. 

8 ) An apparatus as claimed in claim 7, arranged such that 
said different values are different multiples of a basic value. 
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9) An apparatus which is arranged to encrypt or decrypt 

messages, the apparatus being substantially as herein described 
with reference to the accompanying drawings. 
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